view doc/Cookies.txt @ 1958:7860a3051241

Fix for endless loop with META refresh and same URL or no URL at all
author Jorge Arellano Cid <>
date Fri, 15 Apr 2011 14:08:53 -0300
parents 970b8815d82b
children 1b4d8d05173d
line wrap: on
line source
Jan 2002, Jörgen Viksell -,
          Jorge Arellano Cid --
Last update: March 2010

 Cookies in Dillo

Dillo's cookies implementation is guided by ongoing work by the HTTP State WG
( ) to specify current
real-world cookies usage.

Cookies are handled by a dpi (plugin) which shares them between your
instances of Dillo.

Currently, cookie limits are: 20 per domain, and 1200 in total.

When the dpi exits, cookies that you have ACCEPTed are saved to
~/.dillo/cookies.txt, and ACCEPT_SESSION cookies are forgotten.
The dpi normally exits after a period of inactivity, but you can force it to
exit with the command "dpidc stop".

 Controlling cookies

Out of the box, dillo rejects all cookies.

If you want to accept certain cookies, you can specify rules for different
domains in the file ~/.dillo/cookiesrc. The syntax looks like:

#host         action

Line 0: Comment line begins with '#'.
Line 1: Deny all cookies from all domains not otherwise specified.
Line 2: Accept all cookies from, and save them to
        ~/.dillo/cookies.txt when the cookies dpi exits.
Line 3: Accept all cookies from all subdomains of, but
        do not save them when the dpi exits.

If you are positive that you will never want any cookies, you can
configure/compile Dillo without cookie support. The option is:
./configure --disable-cookies

 Cookies & Privacy

 Cookies can be a severe threat to personal privacy. The pages you
visit can be tracked, logged, and associated to a peronal data-record,
allowing the possibility of building a detailed profile of your
browsing habits.

 This data is sold to companies that profit from direct use of such
information (SPAM, Spying, etc).

 If this data is cross-referenced with other databases, they can end up
with more information than you have about yourself.

 Some people may tell you this is "paranoid". But please, take my words
as those of someone that has written a web browser, a cookies implementation,
and that has deep understanding of HTTP (RFC-2068) and cookies (RFC-2965).

 Non technical persons may like to read:

 The dillo project is especially concerned about privacy and security
issues. Our advice is to avoid cookies whenever possible and at most set
ACCEPT_SESSION to specific, trusted sites.  -- You have been warned.

Thats all folks!